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REMARKS 

Corrections have been made to the specification. Claims 1,3 - 4, 14 - 1 5, 22 - 23, 28, 30 
- 3 1, 33, and 36 have been amended. Claim 32 has been cancelled from the application without 
prejudice. Claim 37 has been added. No new matter has been introduced with these corrections, 
amendments, or added claim , all of which are supported in the specification as originally filed. 
Claims I - 31 and 33 - 37 are now in the application. 

L Re jection under 35 U.S.C. §112. second paragraph 

Paragraphs 3-4 of the Office Action dated Jury 27, 2004 (hereinafter, "the Office 
Action") state that Claim 32 is rejected under 35 U.S.C. §112, second paragraph as being 
indefinite, and in particular, the term "the boundary device" is considered problematic. Claim 32 
has been cancelled from the application without prejudice, and the Examiner is respectfully 
requested to withdraw this rejection. 

n. Refection under 35 Tl.S.C. 6102^ 

Paragraph 6 of the Office Action states that Claim 36 is rejected tinder 35 U.S.C. § 102(b) 
as being anticipated by U. S. Patent 5,940,591 to Boyle. This rejection is respectfully traversed. 

Claim 36 has been amended to clarify that the first and second devices are gnd devices; 
that network segments exist between these end devices and a boundary device that provides 
network-layer protection; that the security enforcement function operates in this boundary device; 
and that the packet-handling directives are used to determine whether to forward packets. 
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Boyle's teachings pertain to upper layers (and in particular, the session layer) of a 
communications protocol stack (in contrast to Applicant's network-layer boundary device). See, 
for example, lines 7 and 13 of the Abstract; col. 2, lines 51 -52, 58, and 64; col. 3, lines 62 - 63; 
col. 4, lines 2 - 3; and col. . Furthermore, Boyle's techniques do not include participation of the 
end devices (in contrast to Applicant's Claim 36); this has been discussed in Applicant's 
specification on p. 8, lines 14-17. See col. 4, lines 24 - 25, where Boyle states that his SNIUs ? 
which operate as a type of boundary devices, "encapsulate the network with a ring of secure 
units". 

In view of the above, Applicant respectfully submits that his Claim 36 is patentably 
distinct from Boyle's teachings, and the Examiner is therefore respectfully requested to withdraw 
the §102 rejection. 

HI. Re jection Under 35 U.S.C. S103fa) 

paragraph 9 of the Office Action states that Claims 1 - 35 are rejected under 35 U«S.C 
§ 103(a) as being unpatentable over Stallings, Cryptography and Network Security , in view of 
Boyle. This rejection is respectfully traversed. 

With regard to Applicant's independent Claim 1, paragraphs 10(a) and 10(b) refer to Fig. 
13.1 0(d) of Stallings as teaching "a first security association between a first host and a boundary 
device" (para 10(a)) and "a second security association between a second host and the boundary 
device" (para. 10(b)). Applicant respectfully submits that what is shown in Fig. 13.1 0(d) is 
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nested security associations, whereas what is claimed in Applicant's Claim 1 are two 
independent security associations. That is, Stallings shows a first security association between a 
first host and a boundary device, and a second security association between the first host and a 
second host This is distinct from Applicant's claimed technique, where the security associations 
have in common the boundary device. 

Applicant therefore respectfully submits that his independent Claims 1, 12, and 20 are 
patentably distinct from Stallings and/or Boyle, and that his dependent Claims 2-11,13-19, 
and 21 - 27 are therefore patentable over these references as welL 

With regard to Applicant's independent Claim 28, paragraph 23 of the Office Action cites 
Stallings, page 420, Fig. 13.10(c), "case 3". Applicant's Claim 28 specifies a first security 
association between a first host and a first boundary device; a second security association 
between a second host and a second boundary device; and a third security association between 
the first boundary device and the second boundary device. Stallings' Fig. 13. 10(c) fails to teach 
the first security association and the second security association in accordance with Applicant's 
claim language. Instead, Fig. 13.10(c) shows an end-to-end tunnel between two hosts (in 
addition to a tunnel security association between two gateways). Applicant's invention does not 
use tunnel security associations. Accordingly, Applicant respectfully submits that his 
independent Claim 28 is patentably distinct from the references, and that dependent Claims 28 - 
35 and 37 (which is derived from Claim 28) are therefore patentable over these references as 
well. 
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In view of the above, the Examiner is respectfully requested to withdraw the §103 
rejection. 

IV. Conclusion 

Applicant respectfully requests reconsideration of the pending rejected claims, 
withdrawal of all presently outstanding rejections, and allowance of all remaining claims at an 
early date. 

Respectfully submitted, 



Marcfct L. Doubet 
Attorney for Applicant 
Reg. No. 40,999 
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